

title description published date tags editor dateCreated
Anleitung zur Erstellung eines Docker-Containers für wg-easy-extended und Pihole true 2024-02-10T23:38:17.169Z markdown 2024-02-10T23:33:59.348Z

Anleitung zur Erstellung eines Docker-Containers für wg-easy-extended

Schritt 1: Docker Compose-Datei erstellen

Erstellen Sie eine Datei mit dem Namen docker-compose.yml und fügen Sie den folgenden Inhalt ein:

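# "version" is ignored by Compose v2 (it only prints a warning) and kept here for
# the older docker-compose v1 command used in this guide.
version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
# Both services read two variables from the environment (an .env file next to this
# file works): PASSWORT (admin password for both web UIs) and WEBSEITE (base domain).
services:
  pihole:
    container_name: pihole
    #image: pihole/pihole:latest
    # Floating "latest" tag; Watchtower (see labels) re-pulls it automatically.
    # Pin a version or digest if reproducible deployments are required.
    image: cbcrowe/pihole-unbound:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    # DNS is published on the host's loopback only. VPN clients reach Pi-hole over
    # the wg-easy network (10.8.1.3), not through these published ports.
    ports:
      - "127.0.0.1:53:53/tcp"
      - "127.0.0.1:53:53/udp"
      #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      #- "127.0.0.1:8084:80/tcp"
    environment:
      # Must match ipv4_address on the wg-easy network below and WG_DEFAULT_DNS.
      ServerIP: '10.8.1.3'
      TZ: 'Europe/Berlin'
      WEBPASSWORD: '${PASSWORT}'
      REV_SERVER: 'false'
      # Quoted so the "#" inside the value can never be read as a comment start.
      DNS1: '127.0.0.1#5335' # Hardcoded to our Unbound server
      DNS2: '127.0.0.1#5335' # Hardcoded to our Unbound server
      DNSSEC: 'true' # Enable DNSSEC
      # Picked up by nginx-proxy / acme-companion on the external "nginx-proxy" network.
      VIRTUAL_HOST: 'pihole.${WEBSEITE}'
      VIRTUAL_PORT: '80'
      LETSENCRYPT_HOST: 'pihole.${WEBSEITE}'
      LETSENCRYPT_EMAIL: 'admin@${WEBSEITE}'

    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      # Required if you are using Pi-hole as your DHCP server, else not needed.
      # The DHCP port above is disabled, so this capability can be dropped for this setup.
      - NET_ADMIN
    restart: always

    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - flame.type=application
      - flame.name=Pi-hole
      - flame.url=https://pihole.${WEBSEITE}/admin/
      - flame.icon=dns

    networks:
      proxy:
      edge-tier:
      dns:
        ipv4_address: 172.28.0.2
      wg-easy:
        ipv4_address: 10.8.1.3

  wg-easy-extended:
    container_name: wg-easy-extended
    # No tag given, so "latest" is implied; pin a version or digest for reproducible deployments.
    image: ghcr.io/tolkonepiu/wg-easy-extended
    environment:
      # Public endpoint written into client configs. Hard-coded, unlike the other
      # hostnames in this file which derive from ${WEBSEITE}; replace with your own.
      WG_HOST: brothertec.eu
      PASSWORD: '${PASSWORT}'
      #- WG_DEFAULT_DNS=1.1.1.1
      # Pi-hole's address on the wg-easy network (see pihole -> networks above).
      WG_DEFAULT_DNS: '10.8.1.3'
      WG_DEFAULT_ADDRESS: '10.8.0.x'
      # - WG_MTU=1420
      WG_PERSISTENT_KEEPALIVE: '25'
      # Split tunnel: clients route only the VPN subnet and Pi-hole through the
      # tunnel, so DNS goes to Pi-hole while other client traffic uses the normal uplink.
      WG_ALLOWED_IPS: '10.8.0.0/24,10.8.1.3'
      # ">-" folds these lines into one command string and drops the trailing
      # newline. Do not leave trailing spaces here; they become part of the value.
      # eth0..eth3 are the four networks this container joins; which network gets
      # which interface number is assigned by the engine, so NAT is applied to all.
      # NOTE(review): "FORWARD -i wg0 -j ACCEPT" forwards anything arriving from the
      # tunnel to every attached network (proxy, edge, dns, wg-easy), not only to
      # Pi-hole. Add a destination match (e.g. "-d 10.8.1.3") if peers should only
      # reach Pi-hole.
      # NOTE(review): WG_POST_DOWN is left at the image default; confirm it also
      # removes the eth1..eth3 rules added here, otherwise they persist until restart.
      WG_POST_UP: >-
        iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE;
        iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE;
        iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth2 -j MASQUERADE;
        iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth3 -j MASQUERADE;
        iptables-legacy -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
        iptables-legacy -A FORWARD -i wg0 -j ACCEPT;
        iptables-legacy -A FORWARD -o wg0 -j ACCEPT;
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt

      # The wg-easy web UI (51821) is only exposed via the reverse proxy, not published below.
      VIRTUAL_HOST: 'vpn.${WEBSEITE}'
      VIRTUAL_PORT: '51821'
      LETSENCRYPT_HOST: 'vpn.${WEBSEITE}'
      LETSENCRYPT_EMAIL: 'admin@${WEBSEITE}'
    volumes:
      # Holds wg0.conf and the peer private keys; keep this directory readable by root only.
      - './wg-easy:/etc/wireguard'
    ports:
      # WireGuard listener; reachable on all host interfaces on purpose.
      - '51820:51820/udp'
      #- 51821:51821/tcp
      #- 9586:9586/tcp
    cap_add:
      - NET_ADMIN
      # Presumably only needed to load the wireguard kernel module; drop it if the
      # host kernel already provides the module (least privilege).
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    restart: unless-stopped

    networks:
      proxy:
      edge-tier:
      dns:
        ipv4_address: 172.28.0.3
      wg-easy:
        ipv4_address: 10.8.1.2

    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - flame.type=application
      - flame.name=Wireguard
      - flame.url=https://vpn.${WEBSEITE}
      - flame.icon=vpn

# "external: true" networks are not created by Compose; they must exist beforehand
# (the "dns" network is created in step 2 of this guide, "nginx-proxy" and "edge"
# are expected from your reverse-proxy setup).
networks:
  proxy:
    name: nginx-proxy
    external: true
  edge-tier:
    name: edge
    external: true
  dns:
    name: dns
    external: true
  wg-easy:
    ipam:
      config:
        # Container-to-container subnet; .2 and .3 are assigned statically above.
        - subnet: 10.8.1.0/24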


Schritt 2: Erstellen des DNS Netzwerkes

Die Compose-Datei bindet außerdem die externen Netzwerke nginx-proxy und edge ein (external: true); diese müssen bereits vorhanden sein, bevor die Container gestartet werden. Das Netzwerk dns wird mit dem folgenden Befehl angelegt:

docker network create --driver=bridge --subnet=172.28.0.0/16 dns

Schritt 3: Docker-Container starten

Navigieren Sie im Terminal zum Verzeichnis, in dem sich die docker-compose.yml-Datei befindet, und führen Sie den folgenden Befehl aus, um den Docker-Container zu starten:

docker-compose up -d

Der Parameter -d startet die Container im Hintergrund.

Nachdem der Container gestartet wurde, ist Ihr wg-easy-extended-Dienst einsatzbereit.

Quellen

https://github.com/pi-hole/docker-pi-hole

https://goneuland.de/pi-hole-mit-docker-compose-und-traefik-installieren/

https://github.com/wg-easy/wg-easy/wiki/Using-WireGuard-Easy-with-Pi-Hole

https://github.com/wg-easy/wg-easy/issues/291

https://github.com/tolkonepiu/wg-easy-extended

https://hub.docker.com/r/cbcrowe/pihole-unbound

https://docs.pi-hole.net/guides/dns/unbound/

https://www.cloudflare.com/de-de/learning/dns/dns-server-types/

https://www.kuketz-blog.de/pi-hole-einrichtung-und-konfiguration-mit-unbound-adblocker-teil2/